Confusion over who to call during a cyber attack remains a frustration for federal bureaucracies (Source: acus.org)

The Department of Defense (DOD), the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) all compete for cyber security primacy

Cyber security has become an increasingly important issue in recent years due to the number of attacks launched against corporations and governments around the world. For instance, hacker groups LulzSec and Anonymous as well as others have broken into several corporate websites/records such as Sony, Fox and Gmail accounts. Government websites such as those for the CIA and top U.S. government information technology services provider Lockheed Martin were hacked as well.

Dealing with cyber attacks is difficult for government security agencies because it's hard to tell if it's an act of war or just smaller-scale criminal acts. An even larger problem in dealing with cyber attacks is determining who to call when one occurs. For instance, a cyber attack on a Department of Defense network might seem like an obvious job for the military, but if the attack occurred within the U.S., it would be categorized in criminal statutes.

The September 11 terrorist attacks shed some light on the fact that federal agencies don't always work well with one another (and haven't for decades), and that some fight over who should be called first in the case of such an attack. For instance, during the September 11 terrorist attacks, the CIA, FBI and law enforcement officers were criticized for not working with one another when the CIA knew the approximate location of the attackers but did not tell the FBI.

There are four different federal agencies that deal with cyber security, including the Department of Defense (DOD), the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

The NSA and DHS are competitive over primacy in cyber security, where the NSA has asked for the lead role in this particular area in the past. But the NSA has a bit of a shady past with issues like its warrantless wiretapping program that was discovered in 2005. There are debates as to whether the NSA should play a lead role in certain situations, but the Obama administration noted that it recognizes DHS as the leader in cyber security.

Despite who the leader in cyber security is, these federal agencies are supposed to coordinate their efforts through Howard Schmidt, the president's cyber security coordinator since 2009. While Schmidt doesn't have the budget or staff he would like, his role in keeping the agencies on the same page helps keep some order. He also recognizes (and helped the agencies recognize) that each agency has its own area of expertise, and would know who to call in certain situations.

There are some circumstances, however, where disorganization is preferred. According to Travis Sharp, a fellow at the Center for a New American Security in Washington D.C., an "overarching" agency could be troublesome in some cases. But overall, a cyber security coordinator acting as a "clearinghouse" for these agencies is the better approach.

While feuds and debates have caused tension within the federal bureaucracies for years, James Lewis, a director and senior fellow at the Center for Strategic and International Studies in Washington, noted that the different agencies have become much better at coordinating and sharing information with one another over the last three years. NSA Director Gen. Keith Alexander agreed.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

at the time, the CIA was primarily concerned with external threats, and the FBI with internal threats.

the intelligence failures are actually well-documented with regards to 9-11. simple heuristics could have provided the names of 3/4ths of the hijackers; just by cross-checking the names of 1 known suspect against:

-phone bills/records-mailing addresses/residences-booked flights

it's even more telling that none of the hijackers were using aliases (or if they were, those alieses were not unknown to US intelligence).

You know, most agencies at Federal, State and city levels can't even communicate with each other via radio. PD and FD use completely different spectrum and the radios are not compatible with one another.

Communication from top-to-bottom in this country is ancient. Even with new equipment, all the red tape prohibits compatibility because of different unions, vendors, political reasons, privacy laws, etc.

In the end, all it really does is make it less safe for the general public.

I agree but when the NSA asks for those phone bills/records, people start crying about illegal wire tapping despite those phone records being available to numerous other sources (think third party) that the phone companies sell our information to.... I wish people would get their priorities straight - I don't care if gov't agencies have access to my bills, I DO care if DoubleClick (and others) has access.